Archives

I hated to cave in and do away with my catch-all address, but I finally had to do it. I saw a definite pattern where I’d get four or five apparently hand-crafted emails, followed within a few hours by a tidal wave of bounces. It appears to me that the spammer were probing my domain to make sure the catch-all was still in place so that their bounces wouldn’t be rejected. Then, upon confirming the catch-all, they’d engage the bots for a major spam run, with me catching all their crap. If I’d taken the catch-all off of the domain, their initial probes would have been summarily rejected by the SMTP server.

Because I’ve been using the domain for the past seven years for making up email addresses at will, I had lots of possibly valid addresses that I had to deal with. I wrote a short Perl script that groveled through all my old Inboxes (back to 2000) to extract all addresses with an aubreyturner.com address in the “To:” and/or “for” headers (in some cases, especially with lists, my address wouldn’t have been in the “To:” field), discarding duplicates. When I was done there were 1732 unique email addresses. I spent a couple of mind-numbing hours going through that list deleting garbage entries from spammer Joe Job backscatter. That left me with 604 addresses that I had to enter into the Dreamhost email control panel. Fortunately, they have a “bulk edit” feature for each domain. But it almost caused the panel to cough up a furball when I uploaded the list.

Now I’ve gone back and deleted another 30 or so that looked legit, but which I’d forgotten had been compromised by spammers.

If anyone out there has tried to email me and the message bounced, it’s probably because I missed an address in the alias file. I’ve verified that the Contact Form target address works, so you can get in touch that way.

Anyone for killing spammers and using their guts to hang them from light poles? Or am I the only one so annoyed?

I have a domain we never used for much, xtremeware.com, and it’s parked via ZoneEdit, with me getting anything @ it for e-mail. Recently the spammers have been having a field day sending from various addresses at that domain. I’m amazed I get as few bounces and verification notices as I do.

I’ve had it happen with other domains, to the point of shutting off the catch-alls on most of them, but they seem to really be abusing that one. I should remember to see if I can modify the settings, or move it off ZoneEdit, or whatever.

Heh. I like it. Afterward, the bodies can be gibbeted as reminders to others.

Jay,

I think once they find a domain that has catch-alls it gets put into some kind of list for reuse at a later time. What’s particularly annoying is that the catch-all probes are emails addressed to “catchthismail” or “helloitmenice” that say “Poor you, i don’t even think how much spam you are recive.”